<?php
// Resume (or create) the PHP session so the logged-in state can be inspected.
session_start();
// A non-empty userName in the session is what this page treats as "logged in".
if( isset( $_SESSION['userName'] ) && !empty( $_SESSION['userName'] ) )
{ ///////// LOGOUT PART //////////////////////////////////////
	// Without a 'logout' POST field the page only renders the logout button;
	// the actual logout is the POST request handled in the else branch.
	if( !isset($_POST['logout']) )
	{
	// NOTE(review): $refPage is presumably read by langincluder.php to pick this
	// page's translations, and $strings (echoed in the markup) is presumably
	// defined there; neither is visible in this file, so confirm.
	$refPage = "login.php";
	include( "langincluder.php" );
?>

<script type="text/javascript">
function ajaxMe()
{
	// Logout request: POSTs "logout=1" to the login script and, once the
	// server answers "win!", sends the browser back to the site root.
	// The body carries only the logout flag; no anti-forgery token is sent.
	var xhr = window.XMLHttpRequest
		? new XMLHttpRequest()
		: new ActiveXObject("Microsoft.XMLHTTP"); // legacy IE fallback

	xhr.open("POST", "./account/login.php", true);
	xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
	xhr.send("logout=1");

	xhr.onreadystatechange = function()
	{
		// Act only on a completed request with HTTP 200.
		var finished = (xhr.readyState==4 && xhr.status==200);
		if (!finished)
			return;

		if( xhr.responseText == "win!" )
		{
			window.location = "./";
			return;
		}
		// Any other reply is shown verbatim for diagnosis.
		alert("wtferr?! "+xhr.responseText);
	}
}
</script>

<div style='text-align : center;'>
<button type='button' onclick="ajaxMe()" style='width:200px; height:50px;'><?php echo $strings['logmeout']; ?></button>
</div>

<?php
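	}
	else
	{
	// Logout request (POST field 'logout' present): drop all session data and
	// the server-side session itself, then answer with the token the page
	// script waits for.
	// NOTE(review): this state-changing request is accepted without any
	// anti-CSRF token; consider requiring one tied to the session.
	session_unset();
	session_destroy();
	// session_destroy() does not remove the browser's session cookie. The login
	// step sets that cookie with path '/' and a long lifetime, so expire it
	// explicitly to keep a stale session id from lingering in the browser.
	setcookie(session_name(), '', time() - 3600, '/');
	echo "win!";
	}
}
else ///////// LOGIN PART //////////////////////////////////////
{
	// 'st' selects the step: absent/0 renders the form, 1 checks credentials.
	// A missing or non-scalar value falls back to 0 instead of raising a notice
	// (an array value would otherwise cast to 1).
	$step = ( isset($_POST['st']) && is_scalar($_POST['st']) ) ? (int)$_POST['st'] : 0;
	switch( $step )
	{
		case 0 :
		default : // login gui
			// NOTE(review): $refPage is presumably consumed by langincluder.php,
			// which presumably defines $strings; confirm against that file.
			$refPage = "login.php";
			include( "langincluder.php" );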
?>

<script type="text/javascript">
function isEmpty( inputStr )
{
	// True for null/undefined and for anything loosely equal to "".
	// Loose (==) comparison is intentional here: it is what the callers rely on.
	return inputStr == null || inputStr == "";
}

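function ajaxMe()
{
	// Login request: POSTs user name, password and the chosen session length
	// to the login script (step st=1) and shows the outcome in #infoer.
	// Server replies handled below: noSuchUser, badPwd, inactive, ok.
	// Anything else (for example "empty") is treated as an unknown error.
	var ajax;
	if (window.XMLHttpRequest)
		ajax = new XMLHttpRequest();
	else
		ajax = new ActiveXObject("Microsoft.XMLHTTP");
	
	var uname = document.getElementById("uname").value;
	var passw = document.getElementById("pwd").value;
	if( isEmpty(uname) || isEmpty(passw) ) return;
	
	// Percent-encode every field. Unencoded, a '&', '=', '+' or '%' inside the
	// user name or password would be parsed as form syntax, so the server
	// would receive a truncated or altered credential (or extra fields).
	var body = "st=1"
		+ "&a=" + encodeURIComponent(uname)
		+ "&b=" + encodeURIComponent(passw)
		+ "&s=" + encodeURIComponent(getCheckedValue());
	
	ajax.open("POST", "./account/login.php", true);
	ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
	
	// Register the handler before sending so no state change can be missed.
	ajax.onreadystatechange = function()
	{
		if (ajax.readyState==4 && ajax.status==200)
		{
			// NOTE(review): the translated messages are echoed by PHP straight
			// into JS string literals and later assigned to innerHTML; a quote,
			// newline or markup in a translation would break or alter the
			// page. Confirm the language files are trusted and free of these.
			var str;
			var rawReply = ""; // unrecognised server text, rendered as plain text only
			switch ( ajax.responseText )
			{
				case 'noSuchUser' : str = "<?php echo $strings['errNoSuchUser']; ?>"; break;
				case 'badPwd' : str = "<?php echo $strings['errBadPwd']; ?>"; break;
				case 'inactive' : str = "<?php echo $strings['errInactive']; ?>"; break;
				case 'ok' : str = "ok!"; document.forms["logform"].submit(); break; ////////////// submiter!!!
				default : str = "<?php echo $strings['errUnknown']; ?>"; rawReply = ajax.responseText; break;
			}
			var infoBox = document.getElementById("infoer");
			infoBox.innerHTML = str;
			// The unrecognised reply is appended as a text node, never parsed as
			// HTML, so unexpected server output cannot inject markup or script.
			if( rawReply !== "" )
				infoBox.appendChild(document.createTextNode(rawReply));
		}
	};
	
	ajax.send(body);
}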


function getCheckedValue()
{
	// Returns the value of the selected "num" radio button in the sessionLen
	// form, or "" when none is selected. The result is sent to the server as
	// the 's' field, so it is client-controlled input like any other.
	var radios = document.forms['sessionLen'].elements['num'];
	var count = radios.length;

	// A lone radio button is exposed as a single element without a length.
	if (count == undefined) {
		return radios.checked ? radios.value : "";
	}

	var idx = 0;
	while (idx < count) {
		var candidate = radios[idx];
		if (candidate.checked) {
			return candidate.value;
		}
		idx++;
	}
	return "";
}


</script>

<div style="text-align : center">
<form  id='logform' method="POST" action="./">
<?php echo $strings['uname']; ?> <input type="text" id="uname"><br><br>
<?php echo $strings['pwd']; ?> <input type="password" id="pwd"><br>
</form>
<button type="button" onclick="ajaxMe()"><?php echo $strings['login']; ?></button><br>
</div>

<?php echo $strings['sessLen']; ?>
<form name="sessionLen">
<input type="radio" name="num" value="600"><?php echo $strings['10min']; ?><br>
<input type="radio" name="num" value="1800"><?php echo $strings['30min']; ?><br>
<input type="radio" name="num" value="7200" checked><?php echo $strings['2h']; ?><br>
<input type="radio" name="num" value="win"><?php echo $strings['forever']; ?><br>
</form>

<div style="text-align : center; padding-top : 20px;" id="infoer"></div>

<?php
			break;
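		case 1 : // do the login
			// Credential check for the AJAX login form. Replies with one
			// plain-text token that the page script switches on:
			// empty, noSuchUser, badPwd, inactive or ok.
			// Notices and warnings are silenced so they cannot leak into that reply.
			error_reporting(0); //////////////////////////////
			// Accept only string fields; a missing or array-valued field is
			// treated like an empty one instead of reaching the SQL layer.
			$u = ( isset($_POST['a']) && is_string($_POST['a']) ) ? $_POST['a'] : '';
			$p = ( isset($_POST['b']) && is_string($_POST['b']) ) ? $_POST['b'] : '';
			if( !$u || !$p )
			{
				echo "empty"; break;
			}
			
			// NOTE(review): sqlCon.php presumably opens the mysql_* connection
			// and defines $usersTableName / $usersExtendedTableName; confirm.
			require( "../sql/sqlCon.php" );
			
			// NOTE(review): the legacy mysql_* API with manual escaping is
			// fragile; prepared statements (mysqli/PDO) are the durable fix, but
			// that requires changing the connection code outside this file.
			// $p is never placed in a query; it is escaped only because sha1()
			// below has always been computed over the escaped form. Stored
			// hashes presumably were created the same way, so verify against
			// the registration code before changing this.
			if( !get_magic_quotes_gpc() )
			{
				$u = mysql_real_escape_string($u);
				$p = mysql_real_escape_string($p);
			}
			
			$q = mysql_query("SELECT * FROM $usersTableName WHERE userName = '$u'");
			$r = $q ? mysql_fetch_array($q) : false;
			
			// NOTE(review): distinct noSuchUser / badPwd replies reveal whether
			// a user name exists, and no attempt throttling is visible in this
			// file. Merging the replies needs a matching change in the page
			// script, so it is only flagged here.
			if( !isset($r['userId']) )
			{
				echo "noSuchUser";
				break;
			}
			$uid = $r['userId'];
			
			// Strict string comparison: with loose != two different hex digests
			// that both look numeric (for example "0e" followed by digits) are
			// compared as numbers and can be treated as equal.
			// NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for
			// password storage; moving to password_hash()/password_verify()
			// needs a schema change and re-hashing at login.
			if( (string)$r['sha1Pass'] !== sha1($p) )
			{
				echo "badPwd";
				break;
			}
			
			// NOTE(review): the leading "0&&" disables this check, so accounts
			// flagged inactive can currently log in; confirm whether that is
			// intended.
			if(0&& $r['inactive'] )
			{
				echo "inactive";
				break;
			}
			
			// Session length comes from the client: accept only the values the
			// form offers and fall back to the form's default (7200 seconds).
			// An arbitrary number could otherwise yield an already-expired or
			// unboundedly long-lived cookie.
			$requestedLen = ( isset($_POST['s']) && is_string($_POST['s']) ) ? $_POST['s'] : '';
			$allowedLens = array( '600' => 600, '1800' => 1800, '7200' => 7200, 'win' => 36000000 );
			$sessLen = isset($allowedLens[$requestedLen]) ? $allowedLens[$requestedLen] : 7200;
			
			// The session is normally already open (started at the top of this
			// script). Issue a fresh session id at the privilege change so an id
			// known before login (session fixation) is not carried into the
			// authenticated session.
			if( session_id() === '' )
			{
				session_start();
			}
			session_regenerate_id(true);
			// HttpOnly keeps the id away from page scripts; Secure is set when
			// the request itself arrived over HTTPS.
			$cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
			setcookie(session_name(), session_id(), time()+$sessLen, '/', '', $cookieSecure, true);
			
			
			$_SESSION['userId'] = $r['userId'];
			$_SESSION['userName'] = $r['userName'];
			
			// Escape the id even though it was read from the database: stored
			// values must not be trusted inside a new SQL string either.
			$uidSql = mysql_real_escape_string((string)$uid);
			$q = mysql_query("SELECT userLevel, lang FROM $usersExtendedTableName WHERE userId = '$uidSql'");
			$r = $q ? mysql_fetch_array($q) : false;
			
			// A missing extended row leaves both values null, as before.
			$_SESSION['userLevel'] = isset($r['userLevel']) ? $r['userLevel'] : null;
			$_SESSION['lang'] = isset($r['lang']) ? $r['lang'] : null;
			
			echo "ok";
			break;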
	}

}
?>